Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
CPE | Name | Operator | Version |
---|---|---|---|
dolibarr_erp\\/crm | eq | 3.5.3 |